The only concerns it noted in the draft report, due to be voted
upon today (2 July), related to the collection of data pertaining
to US citizens.

These claims have been made by the Privacy and Civil Liberties
Oversight Board (PCLOB), an independent agency within the
government, which conducted a review into the legal framework of Section
702 of the Foreign Intelligence Surveillance Act (FISC). This law
was adapted in 2008 to allow for the kind of intrusive and
warrant-free foreign data collection -- and inadvertent collection
on domestics -- that we have seen with Prism.

The programme, revealed to the public by Edward Snowden last
year, allows the NSA to compel telecoms and internet providers
(including the likes of Facebook and Google) to give up data, and
in some cases allows for data extraction straight from foreign and
domestic internet cables and phone networks. The latter is known as
"upstream" data collection. According to the PCLOB review,
around 25 percent of all NSA reports relating to international
terrorism include information "based in whole or in part" on
Section 702 data collection. Furthermore, from 2011 the NSA
acquired "approximately 26.5 million internet transactions a year
as a result of upstream collection". And despite filters being in
place for the vast quantities of data retrieved, 89,138 individuals
were targeted under Section 702 during 2013.

Despite the US promising on 25 June to begin building the legal
framework to provide non-US citizens with the same privacy rights its own
enjoy, and the US Congress voting on 20 June to cut
off funding to the NSA and CIA's "backdoor" programme, PCLOB found
that Prism was "clearly authorised" by law, and that the same law
"can permissibly be interpreted" to allow for "upstream" data
collection. (The latter phrase far from instils confidence that
Section 702 was penned with this intention in mind.) This is all
also in spite of the fact that in 2011, the US secret court
designated to deal with these matters found that the NSA's
"upstream" collection was "more expansive than previously
represented to the court". The court went on to express concerns
that the government "may have exceeded the scope of collection
previously approved by FISC and what could be authorised under
Section 702". Despite a judge stating this, the PCLOB seems content
to find the opposite. This, it argues, is because the NSA put
"minimisation procedures" in place. What those are and how they
affect the number of people the surveillance sweeps affect, is
unclear.

The only area the board had a slight argument with, was that of
surveillance of domestics under the law. Here, it says: "Certain
aspects of the Section 702 programme push [it] close to the line of
constitutional reasonableness. Such aspects include the unknown and
potentially large scope of the incidental collection of US persons'
communications, the use of 'about' collection to acquire internet
communications that are neither to nor from the target of
surveillance, and the use of queries to search for the
communications of specific US persons within the information that
has been collected."

The "about" section, relates to the government targeting a US
national whose name is mentioned somewhere in correspondence, but
about whom no evidence of wrongdoing is warranted. The board, for
some reason does not appear worried that it is "unable to assess
the scope of the incidental collection of US person information
under the programme". It does, however, want better filters for the
upstream communications (looking to independent experts and
telecommunications service providers for help here) to prevent that
inadvertent uptake.

On the foreign data collection front, there is one ray of hope.
The board said it will wait for the US administration's review into
potentially providing foreigners with the same privacy rights as US
citizens, noting that under international law "surveillance
conducted in one country that may affect residents of another
country, has to this point not been settled among the signatories
to the treaty and is the subject of ongoing spirited debate".

A stark warning by the board, though: "Issues relating to the
treatment of non-US persons in government surveillance programmes
are by no means limited to the Section 702 programme."

Overall, the decision is based upon the fact that: "the
programme has led the government to identify previously unknown
individuals who are involved in international terrorism, and it has
played a key role in discovering and disrupting specific terrorist
plots aimed at the United States and other countries." It backs
this up by pointing to the fact that in 30 cases (that have not
been declassified, but contain some general information the board
has access to) data gleaned under Section 702 was the "initial
catalyst that identified previously unknown terrorist operatives
and/or plots". In 20 cases this type of data was only useful "in
support of an already existing counterterrorism investigation".
This all contradicts the NSA's claims that 54 "success stories"
were totally down to data gleaned under Section 702 and another
section of the law.

Apparently in the "vast majority of these cases", the focus of
the surveillance was narrow and on a specific individual the
government had cause to suspect.

"In other cases that did not lead to disruption of a plot or
apprehension of conspirators, Section 702 appears to have been used
to provide warnings about a continuing threat or to assist in
investigations that remain ongoing."